You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@poi.apache.org by bu...@apache.org on 2021/12/13 09:09:04 UTC
[Bug 65741] New: java.lang.IllegalArgumentException in `org.apache.poi.openxml4j.opc.internal.PackagePropertiesPart.setCreatedProperty::PackagePropertiesPart.java:434` poi 5.1.0
https://bz.apache.org/bugzilla/show_bug.cgi?id=65741
Bug ID: 65741
Summary: java.lang.IllegalArgumentException in
`org.apache.poi.openxml4j.opc.internal.PackageProperti
esPart.setCreatedProperty::PackagePropertiesPart.java:
434` poi 5.1.0
Product: POI
Version: 5.0.x-dev
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: OPC
Assignee: dev@poi.apache.org
Reporter: wenjiezander@gmail.com
Target Milestone: ---
# java.lang.IllegalArgumentException in
`org.apache.poi.openxml4j.opc.internal.PackagePropertiesPart.setCreatedProperty::PackagePropertiesPart.java:434`
poi 5.1.0
This vulnerability is of java.lang.IllegalArgumentException, and can be
triggered in latest version poi (5.1.0).
It is caused by passing an illegal or inappropriate argument into a method and
can can be used for attackers to launch DoS (Denial of Service) attack for any
java program that uses this library (since the user of metadata-extractor
doesn't know they need to catch this kind of exception) ( CWE-248: Uncaught
exception).
Likely, the root cause of this crash is in
`org.apache.poi.openxml4j.opc.internal.PackagePropertiesPart.setCreatedProperty::PackagePropertiesPart.java:434`.
See more detail from the following crash stack.
# Crash stack:
The crash thread's stack is as follows:
```
org.apache.poi.openxml4j.opc.internal.PackagePropertiesPart.setCreatedProperty::PackagePropertiesPart.java:434
org.apache.poi.openxml4j.opc.internal.unmarshallers.PackagePropertiesUnmarshaller.unmarshall::PackagePropertiesUnmarshaller.java:122
org.apache.poi.openxml4j.opc.OPCPackage.getParts::OPCPackage.java:760
org.apache.poi.openxml4j.opc.OPCPackage.open::OPCPackage.java:315
org.apache.poi.ooxml.util.PackageHelper.open::PackageHelper.java:47
org.apache.poi.xssf.usermodel.XSSFWorkbook.<init>::XSSFWorkbook.java:296
com.test.Entry.main::Entry.java:32
org.apache.poi.openxml4j.opc.internal.PackagePropertiesPart.setDateValue::PackagePropertiesPart.java:697
org.apache.poi.openxml4j.opc.internal.PackagePropertiesPart.setCreatedProperty::PackagePropertiesPart.java:432
```
# Steps to reproduce:
1. Build the following java code with the corresponding poi library (version
5.1.0).
```
## Download poi_env_reproduce.zip from
https://drive.google.com/file/d/1N4gUC0MF-SAN-Xz0van0_7TbNj4aUuFd/view?usp=sharing
unzip poi_env_reproduce.zip
cd poi_env_reproduce
bash build.sh
```
2. Run the built program to see the crash by feeding one of the poc file
contained in the pocs.tar.gz, e.g. :
```bash
java -jar target/Entry-1.0-SNAPSHOT-jar-with-dependencies.jar
pocs/crash-eb5abc12c6bc956e4f75b20d4325d015e0031918
```
Any further discussion for this vulnerability including fix is welcomed!
Feel free to contact me at wenjiezander@gmail.com
(https://github.com/ZanderHuang)
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org
For additional commands, e-mail: dev-help@poi.apache.org
[Bug 65741] java.lang.IllegalArgumentException in `org.apache.poi.openxml4j.opc.internal.PackagePropertiesPart.setCreatedProperty::PackagePropertiesPart.java:434` poi 5.1.0
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65741
--- Comment #4 from PJ Fanning <fa...@yahoo.com> ---
added r1895877
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org
For additional commands, e-mail: dev-help@poi.apache.org
[Bug 65741] java.lang.IllegalArgumentException in `org.apache.poi.openxml4j.opc.internal.PackagePropertiesPart.setCreatedProperty::PackagePropertiesPart.java:434` poi 5.1.0
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65741
wenjiezander@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
OS| |All
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org
For additional commands, e-mail: dev-help@poi.apache.org
[Bug 65741] java.lang.IllegalArgumentException in `org.apache.poi.openxml4j.opc.internal.PackagePropertiesPart.setCreatedProperty::PackagePropertiesPart.java:434` poi 5.1.0
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65741
--- Comment #7 from PJ Fanning <fa...@yahoo.com> ---
the behaviour has changed - I just validated that v5.1.0 has the
IllegalArgumentException but latest code throws this instead:
org.apache.poi.ooxml.POIXMLException:
org.apache.poi.openxml4j.exceptions.InvalidFormatException: Date
2017-a4-05T05:50:00Z not well formatted, expected format in:
yyyy-MM-dd'T'HH:mm:ssz, yyyy-MM-dd'T'HH:mm:ss.Sz, yyyy-MM-dd'T'HH:mm:ss.SSz,
yyyy-MM-dd'T'HH:mm:ss.SSSz, yyyy-MM-dd'T'HH:mm:ss'Z',
yyyy-MM-dd'T'HH:mm:ss.SS'Z', yyyy-MM-dd
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org
For additional commands, e-mail: dev-help@poi.apache.org
[Bug 65741] java.lang.IllegalArgumentException in `org.apache.poi.openxml4j.opc.internal.PackagePropertiesPart.setCreatedProperty::PackagePropertiesPart.java:434` poi 5.1.0
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65741
--- Comment #5 from PJ Fanning <fa...@yahoo.com> ---
changed to r1895882
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org
For additional commands, e-mail: dev-help@poi.apache.org
[Bug 65741] java.lang.IllegalArgumentException in `org.apache.poi.openxml4j.opc.internal.PackagePropertiesPart.setCreatedProperty::PackagePropertiesPart.java:434` poi 5.1.0
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65741
wenjiezander@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEEDINFO |RESOLVED
--- Comment #8 from wenjiezander@gmail.com ---
thanks, I will change the status of this thread from NEEDINFO to resolved.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org
For additional commands, e-mail: dev-help@poi.apache.org
[Bug 65741] java.lang.IllegalArgumentException in `org.apache.poi.openxml4j.opc.internal.PackagePropertiesPart.setCreatedProperty::PackagePropertiesPart.java:434` poi 5.1.0
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65741
PJ Fanning <fa...@yahoo.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |NEEDINFO
--- Comment #3 from PJ Fanning <fa...@yahoo.com> ---
marking all these as need info - can you explain in plain English what you are
testing? are you testing that POI can't handle garbage input? and what do you
expect POI to do when it gets garbage input?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org
For additional commands, e-mail: dev-help@poi.apache.org
[Bug 65741] java.lang.IllegalArgumentException in `org.apache.poi.openxml4j.opc.internal.PackagePropertiesPart.setCreatedProperty::PackagePropertiesPart.java:434` poi 5.1.0
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65741
--- Comment #1 from wenjiezander@gmail.com ---
The poc file and report can be downloaded from
https://drive.google.com/drive/folders/1RsDEtpjmv3adeLg0E0H4g4FicUKxdpgG?usp=sharing
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org
For additional commands, e-mail: dev-help@poi.apache.org
[Bug 65741] java.lang.IllegalArgumentException in `org.apache.poi.openxml4j.opc.internal.PackagePropertiesPart.setCreatedProperty::PackagePropertiesPart.java:434` poi 5.1.0
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65741
--- Comment #2 from wenjiezander@gmail.com ---
Created attachment 38130
--> https://bz.apache.org/bugzilla/attachment.cgi?id=38130&action=edit
The poc file causes java.lang.IllegalArgumentException in
`org.apache.poi.openxml4j.opc.internal.PackagePropertiesPart.setCreatedProperty::PackagePropertiesPart.java:434`
poi 5.1.0
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org
For additional commands, e-mail: dev-help@poi.apache.org
[Bug 65741] java.lang.IllegalArgumentException in `org.apache.poi.openxml4j.opc.internal.PackagePropertiesPart.setCreatedProperty::PackagePropertiesPart.java:434` poi 5.1.0
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65741
--- Comment #6 from wenjiezander@gmail.com ---
I have tested in 5.2.0-SNAPSHOT taken from
https://ci-builds.apache.org/job/POI/job/POI-DSL-1.8/lastSuccessfulBuild/artifact/build/dist/
This bug is still reproducible.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org
For additional commands, e-mail: dev-help@poi.apache.org